summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-03-07logrotate: T4250: Fixed logrotate config generationzsdc
* Removed `/var/log/auth.log` and `/var/log/messages` from `/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled items what leads to service error. * Removed generation config file for `/var/log/messages` from `system-syslog.py` - this should be done from `syslom logs` now. * Generate each logfile from `system syslog file` to a dedicated logrotate config file. * Fixed logrotate config file names in `/etc/rsyslog.d/vyos-rsyslog.conf`. * Added default logrotate settins for `/var/log/messages`
2022-03-06smoketest: config: add "recent" firewall rule to dialup-routerChristian Poessinger
2022-03-05flow-accounting: T4277: delete Debian common configsChristian Poessinger
2022-03-05conntrackd: T4259: fix daemon configuration pathChristian Poessinger
2022-03-05conntrackd: T4259: prevent startup of multiple daemon instancesChristian Poessinger
2022-03-04op-mode: lldp: T3999: bugfix cap' referenced before assignmentChristian Poessinger
2022-03-04interface: T4203: bugfix Q-in-Q interface parsingChristian Poessinger
Commit 0e23fc10 ("interface: T4203: switch to new recursive node_changed() implementation") switched to a new implementation to retrieve nested changes under a CLI node. Unfortunately the new API was not called - instead the old one was used.
2022-03-03static: T4283: support "reject" routes - emit an ICMP unreachable when matchedChristian Poessinger
2022-03-03static: T4283: create re-usable XML interface definitions for blackholeChristian Poessinger
2022-03-03static: T4283: fix help string for route/route6Christian Poessinger
2022-03-03interface: T4203: switch to new recursive node_changed() implementationChristian Poessinger
2022-03-03Merge pull request #1239 from jestabro/recursive-diffJohn Estabrook
configdiff: T4260: add support for diff_tree class
2022-03-02configdiff: T4260: add support for diff_tree classJohn Estabrook
Add support for the configtree diff algorithm. A new function ConfigDiff().is_node_changed(path) -> bool is added to recursively detect changes in the tree below the node at path; existing functions take the keyword argument 'recursive: bool' to apply the algorithm in place of the existing, non-recursive, comparison.
2022-03-01Merge pull request #1238 from jestabro/delete-treeJohn Estabrook
T4235: changes to interface of diff_tree class
2022-03-01flow-accounting: T4277: support sending flow-data via VRF interfaceChristian Poessinger
It should be possible to send the gathered data via a VRF bound interface to the collector. This is somehow related to T3981 but it's the opposite side of the netflow process. set system flow-accounting vrf <name>
2022-02-28Merge pull request #1237 from srividya0208/T4275Christian Poessinger
ipsec prefix: T4275: Incorrect val_help for local/remote prefix in site-to-site ipsec vpn
2022-02-28configtree: T4235: distinguish sub(-tract) tree from delete treeJohn Estabrook
The DiffTree class maintains both the 'sub'(-tract) configtree, containing all paths in the LHS of the comparison that are not in the RHS, and the 'delete' configtree: the delete tree is the minimal subtree containing only the first node of a path not present in the RHS. It is the delete tree that is needed to produce 'delete' commands for config mode, whereas the 'sub' tree contains full information, needed for recursively detecting changes to a node.
2022-02-28configtree: T4235: allow empty argumentsJohn Estabrook
2022-02-28configtree: T4235: simplification of diff_tree classJohn Estabrook
The return value of diff_tree is now a single config_tree, with initial children of names: ["add", "delete", "inter"] containing the config sub-trees of added paths; deleted paths; and intersection, respectively. The simplifies dumping to json, and checking existence of paths, hence, of node changes.
2022-02-28configtree: T4235: add utility get_subtreeJohn Estabrook
2022-02-28ipsec prefix: T4275: Incorrect val_help for local/remote prefixsrividya0208
It accepts network as the input value but the completion help is showing ip address
2022-02-28open-connect: T4274: extend RADIUS authentication timeoutRageLtMan
RADIUS authentication can be handled by a variety of mechanisms, including proxy for 2FA systems requiring user interaction with a separate device, token acquisition, or other time-consuming action. Given the delays required for certain 2FA implementations, a thirty second timeout can range from onerous to untenable. Accomodate the 2FA time requirements by extending the hard-coded RADIUS time limit from 30 seconds to 240. Co-authored-by: RageLtMan <rageltman [at] sempervictus>
2022-02-28ssh: T4273: bugfix cipher and key-exchange multi nodesChristian Poessinger
After hardning the regex validator to be preceeded with ^ and ending with $ it was no longer possible to have a comma separated list as SSH ciphers. The migrations cript is altered to migrate the previous comma separated list to individual multi node entries - cipher and key-exchange always had been multinodes - so this just re-arranges some values and does not break CLI compatibility
2022-02-26lldp: T4272: minor bugfix in Jinja2 template for locationChristian Poessinger
2022-02-26smoketest: lldp: add testcaseChristian Poessinger
(cherry picked from commit 2fd5eea801bb524c12217c26d98c44a819b2086e)
2022-02-26lldp: T4272: migrate to get_config_dict()Christian Poessinger
2022-02-25nat: T1083: use defaultValue from XML when handling translationsChristian Poessinger
2022-02-25smoketest: zone-policy: use setUpClass() over setUp()Christian Poessinger
2022-02-25zone-policy: T2199: bugfix defaultValue usageChristian Poessinger
Instead of hardcoding the default behavior inside the Jinaj2 template, all defaults are required to be specified inside teh XML definition. This is required to automatically render the appropriate CLI tab completion commands.
2022-02-25vpn: ipsec: T3093: add missing defaultValue entriesChristian Poessinger
2022-02-25monitoring: T3872: re-use "port" building block from port-number.xml.iChristian Poessinger
2022-02-25xml: webproxy: add comment about explicitly not set defaultValueChristian Poessinger
2022-02-25wireless: ifconfig: T2653: add missing defaultValue for mgmt-frame-protectionChristian Poessinger
2022-02-25smoketest: webproxy: use setUpClass() over setUp()Christian Poessinger
2022-02-25dhcp-relay: T3095: add missing max-size default valueChristian Poessinger
2022-02-24scripts: T4269: node.def generator should automatically add default valuesChristian Poessinger
Since introducing the XML <defaultValue> node it was common, but redundant, practice to also add a help string indicating which value would be used as default if the node is unset. This makes no sense b/c it's duplicated code/value/characters and prone to error. The node.def scripts should be extended to automatically render the appropriate default value into the CLI help string. For e.g. SSH the current PoC renders: $ cat templates-cfg/service/ssh/port/node.def multi: type: txt help: Port for SSH service (default: 22) val_help: u32:1-65535; Numeric IP port ... Not all subsystems are already migrated to get_config_dict() and make use of the defaults() call - those subsystems need to be migrated, first before the new default is added to the CLI help.
2022-02-23smoketest: tunnel: indention fixupChristian Poessinger
2022-02-23tunnel: T4267: "parameters ip key" on GRE not required for different remotesChristian Poessinger
2022-02-22vxlan: T4264: interface is destroyed and rebuild on description changeChristian Poessinger
When changing "general" parameters like: - interface IP address - MTU - description the interface is destroyed and recreated ... this should not happen!
2022-02-22vyos.configdict: T4263: leaf_node_changed() must also honor valueLess CLI nodesChristian Poessinger
If a valueLess node is added or removed from the CLI, a call to leaf_node_changed() will not detect it. If node is valueLess, on change old or new (depending on addition or deletion) will be {} and is treated as None. Add handler for this special case where old or new is an instance of a dictionary but empty.
2022-02-22Merge pull request #1230 from sever-sever/T1856Christian Poessinger
ipsec: T1856: Ability to set SA life bytes and packets
2022-02-21Merge pull request #1233 from dmbaturin/structured-op-modeJohn Estabrook
T2719: initial batch of standardized structure op mode scripts
2022-02-21Merge pull request #1232 from srividya0208/T4115John Estabrook
T4115:Reboot:Options "in" and "at" are not working as expected
2022-02-21Merge pull request #1231 from sever-sever/T3948Christian Poessinger
ipsec: T3948: Add CLI site-to-site peer connection-type none
2022-02-21Merge pull request #1234 from srividya0208/T3656Christian Poessinger
vpn_ipsec: T3656: modified completion help for key-exchange
2022-02-21smoketest: vxlan: T4120: verify support for multiple remote addressesChristian Poessinger
2022-02-21vxlan: T4120: code cleanup for multiple remotesChristian Poessinger
2022-02-21T2719: initial batch of standardized structure op mode scriptsDaniil Baturin
2022-02-21vpn_ipsec: T3656: modified completion help for key-exchangesrividya0208
In latest releases, default IKE version is removed, which allows the connection to be IKEv1 or IKEv2. The completion help shows IKEv1 as default so removed it.
2022-02-20bridge: remove unreferenced import -> leaf_node_changedChristian Poessinger